Техническая информация
- '%TEMP%\RarSFX0\m.exe' "http://do####ad.youbak.com/msn/software/partner/36a.exe"
- '%TEMP%\1_YoudaoDict_zhusha_quantui_001.exe'
- '%TEMP%\RarSFX0\m.exe' "http://in.##inaitlm.cn/tb.exe"
- '%TEMP%\1_36a.exe'
- '%TEMP%\RarSFX0\m.exe' "http://in.##inaitlm.cn/ha.exe"
- '%TEMP%\1_ha.exe'
- '%TEMP%\RarSFX0\m.exe' "http://so##.#hinaitlm.cn/soft/YoudaoDict_zhusha_quantui_001.exe"
- '%TEMP%\1_ha.exe' (загружен из сети Интернет)
- '%TEMP%\1_36a.exe' (загружен из сети Интернет)
- '%TEMP%\1_YoudaoDict_zhusha_quantui_001.exe' (загружен из сети Интернет)
- %TEMP%\1_YoudaoDict_zhusha_quantui_001.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\36a[1].exe
- %TEMP%\1_36a.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\YoudaoDict_zhusha_quantui_001[1].exe
- %TEMP%\RarSFX0\m.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ha[1].exe
- %TEMP%\1_ha.exe
- 'so##.#hinaitlm.cn':80
- 'localhost':1043
- 'do####ad.youbak.com':80
- 'localhost':1038
- 'in.##inaitlm.cn':80
- 'localhost':1041
- do####ad.youbak.com/msn/software/partner/36a.exe
- so##.#hinaitlm.cn/soft/YoudaoDict_zhusha_quantui_001.exe
- in.##inaitlm.cn/ha.exe
- DNS ASK do####ad.youbak.com
- DNS ASK so##.#hinaitlm.cn
- DNS ASK in.##inaitlm.cn
- ClassName: 'qnmdb' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'